libdigidocpp
#include <X509Cert.h>
Public Types
  enum KeyUsage { DigitalSignature = 0, NonRepudiation, KeyEncipherment, DataEncipherment, KeyAgreement, KeyCertificateSign, CRLSign, EncipherOnly, DecipherOnly }

Public Member Functions
  X509Cert ()
  X509Cert (X509 *cert) throw (IOException)
  X509Cert (const std::vector< unsigned char > &bytes) throw (IOException)
  X509Cert (const X509Cert &copy) throw (IOException)
  ~X509Cert ()
  int getPaddingSize () const throw (IOException)
  std::vector< unsigned char > encodeDER () const throw (IOException)
  std::string getSerial () const throw (IOException)
  X509_NAME * getIssuerNameAsn1 () const
  std::string getIssuerName (const std::string &obj="") const throw (IOException)
  std::vector< KeyUsage > getKeyUsage () const throw (IOException)
  std::vector< std::string > getCertificatePolicies () const throw (IOException)
  std::string getSubjectName (const std::string &obj="") const throw (IOException)
  std::vector< unsigned char > getRsaModulus () const throw (IOException)
  std::vector< unsigned char > getRsaExponent () const throw (IOException)
  X509 * getX509 () const throw (IOException)
  X509 * handle () const
  bool isValid () const throw (IOException)
  bool verify () const throw (IOException)
  int compareIssuerToString (const std::string &name) const throw (IOException)
  X509Cert & operator= (const X509Cert &copy) throw (IOException)
  bool operator== (const X509Cert &other) const

Static Public Member Functions
  static X509 * copyX509 (X509 *cert) throw (IOException)
  static X509 * loadX509 (const std::string &path) throw (IOException)

Private Member Functions
  EVP_PKEY * getPublicKey () const throw (IOException)
  std::string toString (X509_NAME *name, const std::string &obj) const throw (IOException)

Private Attributes
  X509 * cert
Wrapper for OpenSSL X509 certificate structure.
Definition at line 34 of file X509Cert.h.
enum digidoc::X509Cert::KeyUsage
Enumerator: DigitalSignature, NonRepudiation, KeyEncipherment, DataEncipherment, KeyAgreement, KeyCertificateSign, CRLSign, EncipherOnly, DecipherOnly
Definition at line 38 of file X509Cert.h.
digidoc::X509Cert::X509Cert ()
Creates a NULL X509 certificate.
Definition at line 36 of file X509Cert.cpp.
digidoc::X509Cert::X509Cert (X509 *cert) throw (IOException)
Creates a copy of the X509 certificate.
Parameters:
  cert  X509 certificate structure to be wrapped.
Exceptions:
  IOException  thrown if the X509 certificate structure copy fails.
Definition at line 44 of file X509Cert.cpp.
digidoc::X509Cert::X509Cert (const std::vector< unsigned char > &bytes) throw (IOException)
Creates an X509 certificate from the provided DER-encoded bytes.
Parameters:
  bytes  X509 certificate in DER encoding.
Exceptions:
  IOException  thrown if X509 certificate parsing failed.
Definition at line 56 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
digidoc::X509Cert::X509Cert (const X509Cert &copy) throw (IOException)
Copy constructor.
Parameters:
  copy  instance of the X509Cert class to be copied.
Exceptions:
  IOException  thrown if the X509 cert structure copy fails.
Definition at line 79 of file X509Cert.cpp.
digidoc::X509Cert::~X509Cert ()
Cleans up the underlying X509* struct.
Definition at line 88 of file X509Cert.cpp.
int digidoc::X509Cert::compareIssuerToString (const std::string &name) const throw (IOException)
Checks whether the X509Cert issuer is the same as the provided issuer name, following the distinguished-name encoding rules of http://www.w3.org/TR/xmldsig-core/#dname-encrules, which refer to http://www.ietf.org/rfc/rfc4514.txt:

  String  X.500 AttributeType
  CN      commonName (2.5.4.3)
  L       localityName (2.5.4.7)
  ST      stateOrProvinceName (2.5.4.8)
  O       organizationName (2.5.4.10)
  OU      organizationalUnitName (2.5.4.11)
  C       countryName (2.5.4.6)
  STREET  streetAddress (2.5.4.9)
  DC      domainComponent (0.9.2342.19200300.100.1.25)
  UID     userId (0.9.2342.19200300.100.1.1)

These attribute types are described in [RFC4519]. Implementations MAY recognize other DN string representations. However, as there is no requirement that alternative DN string representations be recognized (and, if so, how), implementations SHOULD only generate DN strings in accordance with Section 2 of this document.
Parameters:
  name  issuer name.
Exceptions:
  IOException  thrown on error.
Definition at line 543 of file X509Cert.cpp.
Referenced by digidoc::SignatureBES::checkKeyInfo().
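As an added example (not libdigidocpp's own code) of the RFC 4514 rules referenced above: two issuer-name strings are canonicalised before being compared, using the attribute-type table above plus dotted OIDs, backslash and hex escapes and multi-valued RDNs, so that formatting differences between encoders do not produce false mismatches. Values are assumed to compare byte-for-byte; the X.500 matching rules are not applied.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Added example, not libdigidocpp code: compare two RFC 4514 issuer-name strings
// structurally, since raw string equality breaks on spacing, type aliases and escapes.
using Rdn = std::vector<std::pair<std::string, std::string>>; // (OID, value) set
using Dn = std::vector<Rdn>;                                    // ordered RDN list
// Short attribute-type names from the table above, mapped to their dotted OIDs.
static const std::map<std::string, std::string> kTypeToOid = {
    {"CN", "2.5.4.3"}, {"L", "2.5.4.7"}, {"ST", "2.5.4.8"}, {"O", "2.5.4.10"},
    {"OU", "2.5.4.11"}, {"C", "2.5.4.6"}, {"STREET", "2.5.4.9"},
    {"DC", "0.9.2342.19200300.100.1.25"}, {"UID", "0.9.2342.19200300.100.1.1"}};
// Types are case-insensitive; whitespace around them (as in "CN=a, O=b") is
// dropped and dotted OIDs pass through unchanged.
static std::string typeToOid(const std::string &raw) {
    std::string t;
    for (unsigned char c : raw)
        if (!std::isspace(c)) t += static_cast<char>(std::toupper(c));
    auto it = kTypeToOid.find(t);
    return it == kTypeToOid.end() ? t : it->second;
}

// Parse e.g. "CN=Foo\, Bar+OU=X, O=Y" into RDNs of (OID, unescaped value), handling
// "\c" and "\XX" hex escapes, ',' between RDNs and '+' inside a multi-valued RDN.
Dn parseDn(const std::string &s) {
    Dn dn; Rdn rdn; std::string type, value; bool inValue = false;
    auto flush = [&] { rdn.emplace_back(typeToOid(type), value); type.clear(); value.clear(); inValue = false; };
    for (size_t i = 0; i < s.size(); ++i) {
        char c = s[i];
        std::string &dst = inValue ? value : type;
        if (c == '\\' && i + 1 < s.size()) {
            bool hex = i + 2 < s.size() && std::isxdigit(static_cast<unsigned char>(s[i + 1])) &&
                       std::isxdigit(static_cast<unsigned char>(s[i + 2]));
            if (hex) { dst += static_cast<char>(std::stoi(s.substr(i + 1, 2), nullptr, 16)); i += 2; }
            else dst += s[++i];
        } else if (!inValue && c == '=') inValue = true;
        else if (c == ',' || c == '+') { flush(); if (c == ',') { dn.push_back(rdn); rdn.clear(); } }
        else dst += c;
    }
    flush(); dn.push_back(rdn);
    for (Rdn &r : dn) std::sort(r.begin(), r.end()); // order inside one RDN is not significant
    return dn;
}
// Equal when the RDN sequences match after canonicalisation; values are compared byte-for-byte
// (X.500 matching rules such as caseIgnoreMatch are not applied). Order of RDNs is significant.
bool sameIssuer(const std::string &a, const std::string &b) { return parseDn(a) == parseDn(b); }
```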
static X509 * digidoc::X509Cert::copyX509 (X509 *cert) throw (IOException)
Creates a copy of the X509 certificate.
Parameters:
  cert  X509 certificate to be copied.
Exceptions:
  IOException  thrown if the X509 cert structure copy fails.
Definition at line 123 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::X509CertStore::getCert().
std::vector< unsigned char > digidoc::X509Cert::encodeDER () const throw (IOException)
Encodes the X509 certificate using DER encoding.
Exceptions:
  IOException  thrown if encoding failed.
Definition at line 171 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::SignatureTM::addCertificateValue(), digidoc::SignatureBES::checkKeyInfo(), digidoc::SignatureTM::setOCSPCertificate(), and digidoc::Signature::setSigningCertificate().
std::vector< std::string > digidoc::X509Cert::getCertificatePolicies () const throw (IOException)
Returns the current certificate's policies.
Definition at line 288 of file X509Cert.cpp.
Referenced by digidoc::CNGSigner::type(), and digidoc::EstEIDSigner::type().
std::string digidoc::X509Cert::getIssuerName (const std::string &obj = "") const throw (IOException)
Converts the X.509 issuer name to a string.
Exceptions:
  IOException  thrown if the conversion failed.
Definition at line 253 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::SignatureBES::checkKeyInfo(), digidoc::SignatureTM::notarize(), digidoc::SignatureTM::setOCSPCertificate(), digidoc::Signature::setSigningCertificate(), and digidoc::SignatureBES::validateOnline().
X509_NAME * digidoc::X509Cert::getIssuerNameAsn1 () const
Definition at line 242 of file X509Cert.cpp.
Referenced by digidoc::SignatureBES::validateOnline().
std::vector< digidoc::X509Cert::KeyUsage > digidoc::X509Cert::getKeyUsage () const throw (IOException)
Returns the current certificate's key usage bits.
Definition at line 267 of file X509Cert.cpp.
Referenced by digidoc::CNGSignerPrivate::CertFilter(), and digidoc::SignatureBES::checkSigningCertificate().
int digidoc::X509Cert::getPaddingSize () const throw (IOException)
Exceptions:
  IOException  thrown if the padding size could not be determined.
Definition at line 198 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::DDoc::sign(), digidoc::CNGSigner::type(), and digidoc::EstEIDSigner::type().
EVP_PKEY * digidoc::X509Cert::getPublicKey () const throw (IOException)   [private]
Exceptions:
  IOException  thrown if the public key is missing.
Definition at line 379 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
std::vector< unsigned char > digidoc::X509Cert::getRsaExponent () const throw (IOException)
Exceptions:
  IOException  thrown if the RSA exponent extraction failed.
Definition at line 425 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::Signature::setSigningCertificate().
std::vector< unsigned char > digidoc::X509Cert::getRsaModulus () const throw (IOException)
Exceptions:
  IOException  thrown if the RSA modulus extraction failed.
Definition at line 394 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::Signature::setSigningCertificate().
std::string digidoc::X509Cert::getSerial () const throw (IOException)
Exceptions:
  IOException  thrown if the serial is incorrect.
Definition at line 217 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::SignatureTM::addCertificateValue(), digidoc::SignatureBES::checkKeyInfo(), digidoc::SignatureTM::setOCSPCertificate(), digidoc::Signature::setSigningCertificate(), and testShowCertInfo().
std::string digidoc::X509Cert::getSubjectName (const std::string &obj = "") const throw (IOException)
Converts the X.509 subject to a string.
Exceptions:
  IOException  thrown if the conversion failed.
Definition at line 314 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::SignatureTM::addCertificateValue(), digidoc::PKCS11SignerPrivate::createPKCS11Cert(), and open().
X509 * digidoc::X509Cert::getX509 () const throw (IOException)
Exceptions:
  IOException  thrown if the X509 cert structure copy fails.
Definition at line 111 of file X509Cert.cpp.
Referenced by digidoc::SignatureBES::validateOnline().
X509 * digidoc::X509Cert::handle () const
Definition at line 452 of file X509Cert.cpp.
Referenced by digidoc::SignatureBES::checkSignatureValue(), digidoc::CNGSigner::getCert(), and digidoc::PKCS11Signer::getCert().
bool digidoc::X509Cert::isValid () const throw (IOException)
Definition at line 457 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
Referenced by digidoc::PKCS11Signer::getCert().
static X509 * digidoc::X509Cert::loadX509 (const std::string &path) throw (IOException)
Parses a PEM-formatted X.509 certificate from a file. NB! The returned struct must be freed with OpenSSL's X509_free() function or with the X509_scope struct.
Parameters:
  path  PEM-formatted X.509 certificate file path.
Exceptions:
  IOException  thrown if the file does not contain a PEM-formatted X.509 certificate.
Definition at line 143 of file X509Cert.cpp.
References file, and THROW_IOEXCEPTION.
Referenced by digidoc::DirectoryX509CertStore::loadCerts(), and testRSASigner().
digidoc::X509Cert & digidoc::X509Cert::operator= (const X509Cert &copy) throw (IOException)
Assignment operator.
Parameters:
  copy  instance of the X509Cert class to be assigned.
Exceptions:
  IOException  thrown if the X509 cert structure copy fails.
Definition at line 100 of file X509Cert.cpp.
bool digidoc::X509Cert::operator== (const X509Cert &other) const
Definition at line 466 of file X509Cert.cpp.
References cert.
std::string digidoc::X509Cert::toString (X509_NAME *name, const std::string &obj) const throw (IOException)   [private]
Converts an X509_NAME struct to a string.
Parameters:
  name  X509_NAME struct that is converted to a string.
Exceptions:
  IOException  thrown if the conversion failed.
Definition at line 330 of file X509Cert.cpp.
References THROW_IOEXCEPTION.
bool digidoc::X509Cert::verify () const throw (IOException)
Checks whether the X509Cert is signed by a trusted issuer.
Exceptions:
  IOException  thrown on error.
Definition at line 480 of file X509Cert.cpp.
References digidoc::Exception::CertificateIssuerMissing, DECLARE_OPENSSL_RELEASE_STRUCT, digidoc::X509CertStore::getCertStore(), digidoc::X509CertStore::getInstance(), and THROW_IOEXCEPTION.
Referenced by digidoc::SignatureBES::checkSigningCertificate(), and testX509Verify().
X509 * digidoc::X509Cert::cert   [private]
Definition at line 84 of file X509Cert.h.
Referenced by digidoc::PKCS11Signer::getCert(), and operator==().